Which has the higher priority in your organization: Deploying a new database or securing the ones you already have?
Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Undocumented package supporting data masking with workload captures and replays.
Owned by SYS with no privileges granted.
The package is further protected with ACCESSIBLE BY (SYS.dbms_rat_mask) so
no demo code can be executed.
API for the mask phase of rat masking for capture files. It makes a call out to the kernel function which iterates over each stmt in each cap file and replaces the values of all sensitive binds with masked values. It also removes binds in AWR.
capture_directory IN VARCHAR2,
script_id IN NUMBER);
user_name IN VARCHAR2, -- user executing the masking script
package_name IN VARCHAR2, -- name of masking package
mask_definition IN XMLTYPE, -- xml of masking definition
control_xml IN XMLTYPE DEFAULT NULL); -- control xml from masking definition
API for the extract phase of rat masking for SQL tuning sets. It makes a call out to the kernel function which iterates over each statement in each STS in the db and extracts all sensitive bind values.
dbms_rat_mask_internal.i_spa_extract_data(script_id IN NUMBER);
API for the mask phase of rat masking for SQL tuning sets. It makes a call out to the kernel function which iterates over each stmt in each STS in the db and replaces the values of all sensitive binds with masked values.
It also removes peeked binds present in the other_xml column of the plan lines table.
dbms_rat_mask_internal.i_spa_mask_data(script_id IN NUMBER);